Lucene search
K

33 matches found

NVD
NVD
added 2026/07/08 5:16 a.m.13 views

CVE-2026-14158

The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...

8.8CVSS0.00516EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 4:30 a.m.35 views

CVE-2026-14158 Widget Logic Visual <= 1.52 - Authenticated (Subscriber+) Remote Code Execution via 'nwlv[cod-tag]' Parameter

The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...

8.8CVSS0.00516EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/08 4:30 a.m.6 views

CVE-2026-14158

The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...

8.8CVSS6.3AI score0.00516EPSS
Exploits0References5
CVE
CVE
added 2026/07/08 4:30 a.m.23 views

CVE-2026-14158

The Widget Logic Visual plugin for WordPress is affected by a Remote Code Execution vulnerability in all versions up to 1.52. The issue arises in the widget_logic_visual_check_visibility flow and the widget-logic-update-conditional-tags AJAX action due to missing capability check and nonce verifi...

8.8CVSS6.3AI score0.00516EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 4:30 a.m.10 views

EUVD-2026-42161

The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widgetlogicvisualcheckvisibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action...

8.8CVSS6.3AI score0.00516EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.12 views

PT-2026-56310

Name of the Vulnerable Software and Affected Versions Widget Logic Visual versions prior to 1.53 Description Authenticated attackers with subscriber-level access and above can achieve remote code execution on the server. The issue occurs during the widget-logic-update-conditional-tags AJAX action...

8.8CVSS6.6AI score0.00516EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.4 views

CVE-2025-68842

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through = 1.52...

7.1CVSS5.5AI score0.00183EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.4 views

CVE-2025-68842

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through = 1.52...

7.1CVSS0.00183EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.7 views

CVE-2025-68842

CVE-2025-68842 describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Widget Logic Visual . Affected software: Widget Logic Visual

7.1CVSS5.5AI score0.00183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.2 views

CVE-2025-68842 WordPress Widget Logic Visual plugin <= 1.52 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through = 1.52...

5.3AI score0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.21 views

CVE-2025-68842 WordPress Widget Logic Visual plugin <= 1.52 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through = 1.52...

7.1CVSS0.00183EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

WordPress plugin Widget Logic Visual 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.1CVSS5.6AI score0.00183EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.6 views

PT-2026-21104

Name of the Vulnerable Software and Affected Versions Widget Logic Visual versions through 1.52 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, potentially leading to Reflected Cross-site Scripting XSS. This means an attacker...

5.4AI score0.00183EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/27 11:46 a.m.5 views

WordPress Widget Logic Visual plugin <= 1.52 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Widget Logic Visual versions = 1.52...

7.1CVSS5.9AI score0.00183EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/07 3:54 p.m.7 views

CVE-2025-32222

Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...

9.9CVSS7AI score0.00448EPSS
Exploits0References1
NVD
NVD
added 2025/11/06 4:15 p.m.6 views

CVE-2025-32222

Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...

9.9CVSS0.00448EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 3:53 p.m.4 views

CVE-2025-32222 WordPress Widget Logic <= 6.0.5 - Remote Code Execution (RCE) Vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...

9.9CVSS6.5AI score0.00448EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 3:53 p.m.8 views

EUVD-2025-38031

Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...

6.5AI score0.00448EPSS
Exploits0References2
CVE
CVE
added 2025/11/06 3:53 p.m.68 views

CVE-2025-32222

CVE-2025-32222 affects WordPress Widget Logic plugin, with Code Injection allowing Remote Code Execution in Widget Logic

9.9CVSS6.6AI score0.00448EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/06 3:53 p.m.14 views

CVE-2025-32222 WordPress Widget Logic <= 6.0.5 - Remote Code Execution (RCE) Vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through = 6.0.5...

9.9CVSS0.00448EPSS
Exploits0References1
Rows per page
Query Builder